Monday, January 26, 2009

Primary Risk Response Planning Outputs

As a project manager, you will often face sudden or unexpected risks—risks that were not identified or prepared for during risk response planning. The best way to respond to these kinds of risks is to monitor and try to control them by examining the primary risk response planning outputs.

In addition to the risk response plan, there are four primary risk response planning outputs that you can use to ensure successful project completion: residual risks, secondary risks, contractual agreements, and contingency reserve amounts.
  • residual risks
    The first output that will result from your project's risk response planning process is residual risks. These are the risks that remain after avoidance, transference, and mitigation responses have been implemented.

    Residual risks also include any minor risks that have been accepted and addressed during risk response planning through the addition of contingency amounts to the project budget or schedule.

  • secondary risks
    The second output that will result from your project's risk response planning process is secondary risks. These are risks that arise as a direct result of implementing a risk response.

    Secondary types of risks should be identified as soon as possible so that appropriate and effective risk responses can be planned. For example, due to the complexity and detail involved in most projects, it is possible that adding personnel resources to address one identified risk may result in a risk of cost or schedule overruns in another project phase.

  • contractual agreements
    Another risk response planning output that is useful in promoting project success is contractual agreements. These types of agreements help to ensure that all parties involved in a project's development are aware of their responsibilities and bound by law to fulfill all agreed-upon commitments.

    A contract is typically defined as a mutually binding agreement that obligates a seller to provide a specified product and requires a buyer to pay for it. As a result, contractual agreements are essential to risk management.

    Contractual agreements are also used to help specify each party's responsibility for specific risks. For example, a contract between an insurance provider and a company will detail the insurance provider's responsibility to pay out a certain amount of money to the company in the event that an insured risk occurs. Contractual agreements, as an output of risk response planning, will help you be confident that specific identified risks will be responded to in a timely and efficient manner.

  • contingency reserve amounts
    The final output that results from your project's risk response planning process is contingency reserve amounts. These reserve amounts are over and above the estimated amount of time and resources allotted for a particular project. These additional resources are set aside to help reduce the risk of overruns to project objectives as a result of risk.

    Contingency reserve amounts will help you lower potential overruns to a level that is acceptable to your project stakeholders.

    Contingency reserve amounts are usually determined by the project manager with the aid of the project's established risk thresholds and probabilistic analyses. These analyses are used to forecast potential project schedule and cost results.
As a project manager, it is important to remember that almost every risk response will have a corresponding effect. Most risk responses involve expenditures of additional time, cost or resources and therefore require changes to the project plan. The results of the risk response planning process must be incorporated into the project plan to ensure that agreed actions are implemented and monitored as part of the ongoing project.

Other risk response planning outputs contribute to project success. You will want to use them to ensure that your project is protected from threatening project risks and prepared for the risk monitoring and control process.

Thursday, January 22, 2009

Determining the Most Appropriate Risk Response

As a project manager, you can use a risk response plan to ensure that you meet your project objectives. A risk response plan is a document that details an identified risk, its cause, probability of occurrence, potential impact, and proposed responses. An effective risk response plan will help you enhance risk opportunities and reduce risk threats.

A risk response plan, which is sometimes called a risk register, is comprised of a number of different components. A typical project's risk response plan includes the following components:
  • a detailed list of all identified project risks
  • the risk owners responsible for formulating and implementing one or more risk responses
  • the results from the project's qualitative and quantitative risk analyses
  • the established responses for each identified risk
  • the expected level of residual risk
  • the specific actions required to implement the chosen response
  • the budget and timing for all risk responses
  • a description of any contingency or fallback plans.
One of the most important components of a risk response plan is "the established responses for each identified risk." As a project manager, it is your job to select the most appropriate and effective response for managing that risk. Once this selection is made, the agreed-upon risk response is entered into the project's risk response plan.

How do you determine which risk response will be the most appropriate and effective for an identified project risk? There are three important questions that you should ask yourself when making this critical decision.
  1. What are the potential risk responses?
    The first question that you should ask yourself when determining the most appropriate risk response for one of your identified project risks is: What are the potential risk responses? You should apply the four risk response strategies to your risk, discard those strategies that are either impossible or impractical to use, and formulate potential responses from the strategies that remain.

    • Avoidance - should be used when the level of risk is unacceptable, when the means for controlling the risk are not feasible or when there is a potential for harm. This risk response strategy involves changing the project plan to eliminate the risk or the condition causing the risk.

    • Transference - should be used when there is a potential for significant financial exposure. Risks can be transferred through insurance, performance bonds, warranties, and contracts. This strategy shifts the consequences of a risk to a third party, such as an insurance company.

    • Mitigation - should be used when there is an opportunity to significantly reduce the probability or consequences of an identified risk. Throughout a project's life cycle, it may be possible to perform risk mitigation by reducing both the risk probability and the risk consequences.

    • Acceptance - should be used when the probability and consequences of an identified risk are low. This strategy results in no changes to the project plan. It involves leaving a project team to deal with a risk when it occurs or forming a contingency plan to deal with the risk if it occurs.

  2. What are the project constraints?
    The second question that you should ask yourself when determining an appropriate and effective risk response for an identified risk is: What are the project constraints? The PMBOK Guide defines a constraint as an "applicable restriction that will affect the performance of a project." No project is completely free of constraints. As a result, you will need to keep this in mind when selecting an appropriate risk response. Constraints will limit the choices available to you during risk response planning.

    For example, you may initially decide that avoiding a risk by changing the project scope is an appropriate response for a given risk. However, a careful examination of the constraints facing your project may indicate that avoidance is not possible or that it is unwise given your circumstances.

    During the life cycles of your projects, you may encounter many different types of constraints. However, there are some constraints that you will face more frequently than others. A few of these constraints are listed below.

    • An established project budget - An established project budget is one constraint that can affect your selection of risk responses. For example, if your project is restricted by a tight budget, any responses that require a vast amount of funding to implement will be deemed unwise and detrimental to project success.

    • A defined project schedule - A defined project schedule can also act as a constraint when determining the most appropriate response for an identified risk. For example, if your project's sponsors have established an inflexible schedule, the responses that will add time or cause delays to the project schedule will have to be rejected.

    • Contractual obligations - Another constraint is contractual obligations. Risk responses may need to be discarded if they have the potential to deviate from a signed contract. For example, you cannot reduce the risk of cost overruns by paying your contractor less than the amount agreed upon in the project contract.

    • Product specifications - The final constraint that can affect your selection of risk responses is product specifications. If project sponsors are expecting a particular product, they may be unwilling to approve any changes to the project scope. This decision can limit your options when responding to risk.

  3. Which risk response will be the most appropriate for managing the risk?
    The final question that you need to ask yourself when determining an appropriate risk response for an identified project risk is: Which risk response will be the most appropriate for managing the risk? Once you have decided what the potential risk responses are and what constraints are facing your project, you can then determine the most appropriate and effective risk responses for your project risks.

    By eliminating those responses that are not feasible for your project or those that cannot be achieved due to certain constraints, you will be left with only the responses that are appropriate for the chosen risk. These responses will serve to protect the project from the risk's potential impact.
As a project manager, you can determine the most appropriate risk response for a given project risk by answering the following questions: what are the potential risk responses, what are the project constraints, and which risk response will be the most appropriate for managing the risk?

Once this determination is made, you can include your chosen risk response into your risk response plan. This plan will help you enhance risk opportunities and reduce risk threats to project objectives and overall project outcomes.

Wednesday, January 14, 2009

Accepting Risks with a Contingency Plan

In addition to avoidance, transference, and mitigation, acceptance is also an important strategy for effective risk response planning. Acceptance is a strategy that indicates that a project manager and a project team have decided not to change the established project plan in order to deal with an identified risk. Acceptance may also be performed if a project manager is unable to identify any other suitable risk response strategy to effectively handle the identified risk.

If you choose to accept a project risk, you need to develop a contingency plan that can be implemented should the risk occur. Developing a contingency plan in advance can greatly reduce the cost of future risk responses.

Every contingency plan contains specific details that are only relevant to the identified risk and the project at hand. However, all contingency plans should contain the following components: the plan objective, implementation criteria, roles and responsibilities, resource requirements, operation procedures, and discontinuation criteria.
  • The plan objective
    For a contingency plan to be effective, a project manager must first ensure that there is an established plan objective. This objective should clearly detail the risk of failure that prompted the creation of the contingency plan.

    A project manager must also decide what the desired outcome of implementing the plan will be: to continue normal operations, to continue operations in a degraded mode or to abort a project area as quickly and as safely as possible. The plan objective should also outline the potential impact, in terms of financial costs, on the organization.

  • Implementation criteria
    In addition to establishing a plan objective, a project manager must ensure that an effective contingency plan contains well-defined implementation criteria.

    You and your project team must understand when your contingency plan should be implemented. In addition, this criteria outlines the specific failure, or risk trigger, that necessitates the start up of your project's contingency plan. For example, the contingency plan will be implemented in the event of a network failure.

  • Roles and responsibilities
    The third essential component of an effective contingency plan is the designation of roles and responsibilities. A project manager must decide who will be responsible for making implementation decisions, such as implementing the contingency plan or informing the team that the project is operating in contingency mode.

    The roles and responsibilities component clearly outlines who is responsible for plan implementation. For example, the technical engineer on duty will be in charge of activating the contingency plan in case of a network failure.

  • Resource requirements
    The resource requirements component details the equipment, supplies, funding, and overtime estimates needed to activate the planned response. To create a list of required resources, you need to ask yourself the following questions.
    • What equipment will be needed to implement the contingency plan? What equipment will be required once the plan is activated and in full operation?

    • What types of materials or supplies will be needed to implement and operate the contingency plan? What quantity of materials and supplies will be required?

    • How much should your contingency plan budget be in order to effectively fund the contingency mode operations?

    • How much overtime will employees be expected to undertake in order to keep the project on track during contingency mode?

    Having a list of resource requirements available before an emergency arises allows you to move quickly and easily into contingency mode to meet the plan objective.
  • Operation procedures
    Operation procedures outline plan implementation instructions so that everyone will know what to do in an emergency. For example, in case of a network failure, Sarah will switch the network to backup mode in order to save important data.

    The procedures must also describe how project personnel will be informed that the plan is being implemented. Operation procedures should also define how records will be managed and data security ensured.
  • Discontinuation criteria
    Discontinuation criteria describe how to determine when a project should move from contingency mode back to normal operating mode. This criteria will outline the conditions or events and the timing that make it possible to discontinue the contingency plan. For example, the network has to be fully tested and be 100 percent operational before returning to normal mode.
The development of an effective contingency plan, as part of acceptance, will help you create options and potential actions that will serve to reduce threats to critical project objectives and to promote project success.

Monday, January 12, 2009

Methods for Mitigating Project Risks

All project managers want to make certain that their projects are on the road to successful project completion. One way for project managers to accomplish this is to use a risk response strategy called mitigation. Mitigation attempts to reduce the probability and consequences of identified project risks to an acceptable threshold.

It is important to remember that taking early action to reduce the probability of a risk's occurrence or its consequences on critical project objectives is often more effective than trying to repair the adverse consequences after the risk has occurred. During the risk response planning process, every effort should be made to prepare for project risks in advance so that a project's completion will not be severely threatened by its identified risks.

Project managers use two primary strategies to mitigate identified risks. The first strategy is to reduce risk probability. The second is to reduce risk consequences.
  1. Reduce risk probability.
    Reducing risk probability is a mitigation strategy that attempts to deal with a risk before it gets out of control. Since not every risk can be avoided, reducing its probability of occurrence to the lowest possible percentage may be the most effective and realistic option.

    The purpose of reducing the probability of a risk's occurrence is to minimize the potential threat to critical project objectives and outcomes. Examples of reducing risk probability include safety training, improved quality of project materials, cost control systems or marketing a more stable and sellable product.

    Reducing risk probability is a preventative approach and its corresponding risk responses are always implemented before a risk actually occurs.

  2. Reduce risk consequences.
    In many instances, there will be no way for you to prevent or significantly reduce the probability of risk occurrence. As a result, reducing risk consequences will be the most effective mitigation strategy to use.

    Once you know that you can do little to prevent a risk from occurring, you will want to develop as many options as possible to reduce the consequences of that risk if it does occur.

    Developing options to prepare for uncontrollable elements such as weather or environmental disasters, increasing the probability of knowing that a risk is occurring, and formulating options to deal with the risk impact after it occurs are all examples of reducing risk consequences.

    While reducing risk probability is seen as more of a preventative approach to mitigation, reducing risk consequences can be described as a backup approach.

    Reducing risk consequences aims to minimize the impact of an identified project risk after its occurrence.

    Proposed risk responses may be put in place before or after a risk's occurrence.
Mitigation is an important strategy in the risk response planning process. Project managers can protect many of their critical project objectives by reducing the probability or consequences of risks identified in the risk identification or risk analysis processes.

As a project manager, you can use mitigation to prevent or minimize the probability and consequences of threatening project risks. This will help you ensure that your project outcomes are completed as planned.

Monday, January 5, 2009

Four Ways to Transfer Risk

As a project manager, it is important for you to understand that the act of sharing can play a valuable role in your project's risk response planning process. Sometimes, the most efficient and effective way of dealing with project risks is to share the responsibility for their response with others.

Transference is a risk response strategy that does just that. It shifts the responsibility of a risk, or part of a risk, to a third party. Transference does not eliminate a risk or its potential consequences. This risk response strategy simply gives another party responsibility for the management of that risk.

Although a project will encounter many different types of risks, transferring risk liability is usually most effective when dealing with financial risk exposure.

Transference often involves the payment of a risk premium to the party taking on the risk. For example, a company will pay a monthly premium to its insurance provider as payment for the provider taking on one or more of the project's risks.

During your project's risk response planning process, you may decide that transference is the most appropriate strategy to use in order to effectively respond to one of your identified project risks. Once you make this decision, you must choose the transference method that will best address that risk. There are four methods available for you to use when transferring the responsibility for an identified risk.
  1. Insurance
    Insurance is a transference method that shifts the responsibility of specified risks to an insurance company. Typically, insurance companies provide monetary coverage for losses that result from such things as legal liability, fire damage, theft, or vandalism.

    One of the most common methods of transferring risk and its potential consequences is to purchase insurance. As a project manager, you can share the responsibility of some of your project's identified risks by having an insurance company provide financial coverage for potential risk losses. During your project's risk response planning process, you should set aside risks that can be insured and transfer the responsibility for those risks to your company's insurance provider.

    Some of the most common insurable project risks are:
    • Direct Property Damage - to project equipment, project materials or a contractors' property.
    • Indirect Losses - such as equipment replacement and business interruption.
    • Legal Liability - such as public employee bodily injury, design errors, public property damage, and the failure of a product to perform as specified.
    • Personnel Issues - such as employee replacement costs.

    For project managers to transfer a project risk through the method of insurance, two conditions must be met. The first condition is that the potential risk loss must be due to chance. Insurance companies do not want to provide monetary coverage for risks that result from human error or poor project planning.

    The second condition that must be met in order for a risk to be eligible for insurance is that the potential risk loss must be measurable. This means that the risk loss must have an assigned monetary value. A project risk cannot be insured if the potential loss is expected to be personal or emotional.

  2. Performance bonds
    Performance bonds shift the financial responsibility for poor performance back to the contractor. These bonds are usually issued by a financial institution, such as a bank, and force contractors to pay out a specified sum of money if their performance is unacceptable.

    Project managers obtain performance bonds to guarantee the satisfactory completion of contracted work. These bonds provide monetary compensation to a company if its contractor fails to achieve the proposed project work.

  3. Warranties
    Warranties are written guarantees that purchased project equipment will be of good quality. This transference method shifts the cost and responsibility for repair or replacement of defective parts to the manufacturer.

  4. Contracts
    A contract is a binding and legally enforceable agreement between two or more persons or parties. During risk response planning, project managers can use contracts to help eliminate or minimize the impact of identified project risks.

    In most cases, contracts are established between an organization and its contractors at the onset of a project. These contracts contain numerous details and clearly outline the contractor's responsibilities throughout the project. This transference method helps shift the potential cost and consequences of incomplete, tardy, or unsatisfactory work back to the contractor. A contract also protects the contractor, ensuring the company meets its obligations as well. This helps reduce the overall risk impact on the project.

    Another benefit of a contract is that you may not have sufficient expert resources within your company to perform all of the various project activities in an efficient and effective manner. Contracting some of your project work out to someone with superior knowledge and expertise in a particular area can reduce the risk of poor performance or unsatisfactory project design.
It is important to keep the four transference methods in mind when formulating responses to your project's identified risks. If your project requires a contractor, it is good to obtain a performance bond to ensure that expected performance levels are maintained. In addition, if your project materials are purchased from an external source, it is wise to have a warranty in place to protect your company against material defect risks.

If you decide to respond to some of your identified risks by purchasing insurance, you will be able to protect your company from costly, unexpected, and unpredictable risks, such as legal liability and personnel injuries. If you choose to establish a contract at the onset of your project, you will reduce the risk of project plan deviations and miscommunication. You must carefully consider each transference method and determine which one will be most effective in minimizing the impact of an identified project risk.

Insurance, performance bonds, warranties, and contracts are the four primary methods for transference. During the risk response planning process, project managers can use transference to help them reduce the impact of potential risks to project objectives and overall project outcomes.

As a project manager, you should examine all of your project's identified risks and set aside those that will benefit from transference. This will minimize your project's overall risk impact and promote a successful project completion.